If your organization is considering tactics to gather and leverage compliance data, listen to Evan Davison’s cautionary tale of improper assessments of human- and machine-generated data.
Davison, a security architect at Barling Bay LLC, spoke at the 2013 ISSA International Conference in Nashville, Tenn., in a session titled “Data mining for continuous monitoring and compliance reporting.” Before his session, Davison sat down with SearchCompliance to discuss pros and cons associated with analyzing information generated both by big data tools and human-created data entered into spreadsheets and other systems. Watch this video interview and read the transcript below to get the full story.
Have you uncovered any trends by gathering compliance data? What stands out as a cautionary tale or an opportunity to do things differently?
Evan Davison: I think the biggest piece that we’ve uncovered is when we use automated controls. That’s part of the point of this, of using big data for compliance: You can automate the assessment process for some controls. As you do that, you’ll often become very cautionary because you start to see how things may not be as compliant as you thought they were.